From cdcbf4599d615253103210bd37f09c2592be0e03 Mon Sep 17 00:00:00 2001
From: Mel
Date: Wed, 22 Apr 2026 05:18:10 +0200
Subject: Let systemd-networkd handle VPN egress interface on ingress machine

Signed-off-by: Mel
---
 modules/vpn/ingress.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'modules/vpn')

diff --git a/modules/vpn/ingress.nix b/modules/vpn/ingress.nix
index cc55fbb..2a6a582 100644
--- a/modules/vpn/ingress.nix
+++ b/modules/vpn/ingress.nix
@@ -25,6 +25,7 @@ let
 ingressName = index: "vpn-ingress${toString index}";
 egressName = "vpn-egress0";
+ egressAddress = "10.123.255.1/30";
 egressHost = name: "${name}.rnrd.eu";
 in
@@ -81,7 +82,11 @@ in
 {
 "20-${egressName}" = {
 name = egressName;
- linkConfig.ActivationPolicy = "up";
+ address = [ egressAddress ];
+ linkConfig = {
+ ActivationPolicy = "up";
+ RequiredForOnline = "no"; # does not count as online
+ };
 routes = [
 {
 Destination = "0.0.0.0/0";
@@ -131,7 +136,7 @@ in
 type = "tun";
 tag = inboundName;
 interface_name = egressName;
- address = [ "10.123.255.1/30" ];
+ address = [ egressAddress ];
 auto_route = false; # we route manually
 strict_route = false;
 endpoint_independent_nat = true;
--
cgit 1.4.1
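Review bot: In the `20-${egressName}` network (second hunk), the comment `# does not count as online` restates the option instead of giving the reason; something like `# tun device only exists while the proxy service runs; don't block network-online.target on it` would tell the next reader why, if that is the intent. With `RequiredForOnline = "no"`, units ordered after `network-online.target` can start before this interface and its `0.0.0.0/0` route exist, so anything that relies on VPN egress for confidentiality should be ordered after the service that creates the tun device, or have its fallback path blocked explicitly. The address is also now assigned both here and in the tun inbound of the third hunk; both use `egressAddress`, but a short comment naming which side is authoritative would help. The `routes` list continues outside the hunk, so the table and policy applied to this default route are not visible here.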